University of California
BUSINESS RESOURCE CENTER
SAS 112 Key Controls Documentation
Key Control Area: Payroll (#1)
Reference to Master List
IV.5 – IV.7
Key Control
Payroll transactions are supported by time sheets approved by the
supervisor (or higher) or other appropriate documentation.
Risk
Invalid, inaccurate, or fraudulent payroll payments could be made.
Control Objective
Ensure that only valid payroll transactions are entered into PPS.
Department or group with
primary responsibility
BRC
BRC Roles, Responsibilities and Accountability
Payroll Team Preparer
Obtain approved time sheets or other appropriate documentation for all
entries made to PPS.
Payroll Team Reviewer
Read PAN (Post-Audit Notification) notice within 2-day standard,
ensuring that supporting documentation includes evidence of
appropriate approval and notification to the approver or departmental
designee.
Ensure that an approved time sheet or other appropriate
documentation supports each payroll payment.
Payroll Team Lead, Supervisor,
or designated Analyst
Periodically review a sample of transactions for documentation of
appropriate approval and notification.
Other Department
Customer departments
Submit timely, appropriately approved time sheets, or other appropriate
documentation, for all payroll activity.
Review PAN notices for consistency with departmental requests.
UCOP Budget Office
Set up or monitor system access rights.
Automated or Manual
Automated (PAN notices & tracking in PPS) and
manual
Documentation of Control
PAN “Read” dates and list of Reviewers
Appropriately approved supporting documentation for payroll entries,
including timesheets.
Frequency
On-going
Special Year-end Activity
None
Prepared by: G Blumberg
Last Updated: May 20, 2010
University of California
BUSINESS RESOURCE CENTER
SAS 112 Key Controls Documentation
Key Control Area: Payroll (#2a)
Reference to Master List
IV.5 – IV.7
Key Control
Payroll expense recorded in departmental ledgers (Payroll Subs) is
reviewed in detail on a monthly basis.
Risk
Unauthorized, inaccurate, or improperly classified payroll transactions
could be charged against departmental funds.
Control Objective
Ensure that payroll transactions recorded in the ledger are authorized,
accurate, complete, and properly classified.
Department or group with
primary responsibility
BRC
BRC Roles, Responsibilities and Accountability
Payroll Team reconciler
Reconcile payroll Subs on departmental ledgers against approved
payroll transactions, identifying and resolving significant differences.
Sign and date reconciled ledger and indicate completion in log.
Payroll Team reconciliation
reviewer
Review reconciliation, sign as Reviewer and date. Enter completion of
review into log.
Payroll Team Lead or Supervisor
Sample reconciliations to ensure Team transaction processing and
ledger reconciliations are complete, documented, and transactions are
compliant with policy.
Accountability Analyst
Provide a reconciliation log for Team Lead use in ensuring
reconciliation of all accounts.
Other Department
Automated or Manual
Manual
Documentation of Control
Log of completed reconciliations supported by reconciled ledgers
signed and dated by BRC reconciler and reviewer.
Frequency
Monthly
Special Year-end Activity
Review May reconciliations for FAUs with negative balances in Payroll
subs (01 & 02).
Prepared by: G Blumberg
Last Updated: May 20, 2010
University of California
BUSINESS RESOURCE CENTER
SAS 112 Key Controls Documentation
Key Control Area: Payroll (#2b)
Reference to Master List
IV.5 – IV.7
Key Control
BRC obtains sign-off by customer Department Head on monthly report
(reconciled to G/L) of payroll expense.
Risk
Payroll activity in customer departmental accounts does not reflect
appropriate, approved departmental staffing actions.
Control Objective
Ensure that recorded payroll activity accurately reflects approved
departmental staffing activity.
Department or group with
primary responsibility
Customer department
BRC Roles, Responsibilities and Accountability
Payroll Team staff
Accountability Assistant
Obtain or prepare monthly reports providing Department Heads clear
information, reconciled to the G/L.
Provide reconciliations with reconciler and reviewer initials to the
Accountability Team timely.
Collate payroll reconciliations with non-payroll ones and send a
reconciliation packet to the Department Head with a subdivision-level
summary (“green sheet”) for signature and return.
Maintain log of departmental sign-offs, (returned “green sheets”),
elevating non-complying departments to the Accountability Manager.
Other Department
Customer Department Head
Review subdivision-level summary (“green sheet”), sign and return to
the BRC.
UCOP Budget Office
Prepare or make available Budget to Actual reporting that ties into the
general ledger reconciliation
Automated or Manual
Manual
Documentation of Control
Monthly summary (“green sheet”) signed and returned by Department
Head
Frequency
Monthly
Special Year-end Activity
None
Prepared by: G Blumberg
Last Updated: May 20, 2010
University of California
BUSINESS RESOURCE CENTER
SAS 112 Key Controls Documentation
Key Control Area: Payroll (#3) (Same as Procurement #5)
Reference to Master List
PwC items, IV.5 – IV.7
Key Control
Monitoring is done to ensure:
1. Access rights to the UCLA systems for BRC staff are
appropriate, and
2. BRC key controls are operating.
Risk
Inappropriate transactions could be processed by BRC and not
identified as requiring correction.
Control Objective
Ensure that only properly authorized transactions that are compliant
with laws and UC/UCOP policies and properly classified as to
account/fund and fiscal year are processed through BRC.
Department or group with
primary responsibility
BRC
BRC Roles, Responsibilities and Accountability
Accountability Analyst
Produce annual report of system access rights for BRC staff and
review to ensure employees are active and rights are appropriate to
current job requirements.
Sample G/L reconciliations to ensure appropriate approval of
transactions.
Perform monitoring activities as directed by the Accountability
Manager.
Accountability Manager
Review annual system access rights report.
Supervise and direct Accountability Analyst in monitoring activities.
Establish a schedule of monitoring activities.
Other Department
UCOP Budget Office
Oversight of Oasis/Express DACSS rights for UCOP.
UCLA AIS
Generates notices to Departmental Security Administrators (DSAs) in
the UCOP Budget Office when separated or inactive employees
access Oasis.
Automated or Manual
Automated (DACSS notices) and manual.
Documentation of Control
Preparer and reviewer sign-off on annual system access report.
Schedule of monitoring activities and supporting reports.
Frequency
Per the monitoring schedule.
Special Year-end Activity
Monitor year-end cutoff activities.
Prepared by: G Blumberg
Last Updated: May 20, 2010